Cyber Security Vulnerability Management Analyst
McCormick & Company, Inc., a world leader in the spice, flavor and seasonings industry, is seeking a temporary full time Vulnerability Management Analyst. This is position will be located in London, ON This position will report to the Director, Cyber Security Threat Intelligence and Incident Response
With more than $5 billion in annual sales, the Company manufactures markets and distributes spices, seasoning mixes, condiments and other flavorful products to the entire food industry – retail outlets, food manufacturers and foodservice businesses. We create differentiating flavors consumers prefer with unmatched quality, science, innovation and service. Every day, no matter where or what you eat, you can enjoy food flavored by McCormick. McCormick brings passion to flavor™!
Position Overview/Primary Purpose:
The Vulnerability Management Analyst – This role works with the team that defines the strategic vision, roadmap, principals and standards for McCormick’s Threat Intelligence and incident response capabilities. The scope of this role includes providing expertise and understanding of the threat landscape working with different teams to mitigate risk and understand the threats that might impact our business. Provide expert knowledge of Threat Intelligence process and technologies including vulnerability management. In this role you will scan, track, analyze, and report on vulnerabilities as part of the vulnerability management process. To accomplish this, you will work closely with our internal security teams, managed service providers, project team, and other partners to help develop threat intelligence program that is resilient and supportable.
This position will provide the opportunity to assist in monitoring and protecting McCormick cloud applications and infrastructure, local infrastructure, and physical locations against intrusion, hacking attempts, viruses, malware, and vulnerabilities. You would play a key role in assisting the Security teams in vulnerability management initiatives.
- Daily assessment of vulnerabilities identified by infrastructure scan
- Evaluate, rate and perform risk assessments on assets
- Prioritizing vulnerabilities discovered along with remediation timeline(s)
- Work with associated teams to explain vulnerabilities and remediation steps as required.
- Maintain knowledge of the threat landscape
- Create reports and provide analysis on vulnerabilities for technical teams and leadership
- Skill Required: Knowledge of application, network and operating system security
- Experience with vulnerability and patch assessment
- Linux and windows experience
- Good understanding of Windows and Linux patching
- Knowledge of vulnerability scoring systems (CVSS/CMSS)
- Experience on vulnerability scanning tools
- Excellent writing and presentation skills are required in order to communicate findings and status
- Cleary communicate priorities and escalation points/procedures to other team members
- Detail oriented, organized, methodical, follow up skills with an analytical thought process
- Experience performing dynamic scans, static scans and penetration testing
- Development experience.
- Project management experience
- Innovative and efficiency focused,
- Track trends and configure systems as required to reduce false positives from true events.
- Bachelor’s degree in Information Technology or in a relevant field.
- 3 years vulnerability management experience
- 2 years experience working in a SOC environment, incident response, threat hunting, and SIEM.
- 2 years experience working in a 24x7 global enterprise environment.
- Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, CIS Controls and OWASP Top 10.
- Understanding of incident handling and forensics, Risk Assessment & Quantification methodologies, and familiarity with automated security monitoring systems and log correlation. Microsoft Windows and Unix Operating Systems basics
- Proven experience in IT systems design and development of security tools and platforms such as Azure, Rapid 7, QRadar, Sentinel, Microsoft AD/Azure AD, and 365. Experience working with offensive security tools and processes.
- Possess an enterprise-wide view of security operations with varying degrees of appreciation for strategy, processes and capabilities, enabling technologies, and governance.
- Understand complex architecture concepts across multiple technologies within systems in a hybrid cloud architecture
- Experience working in a team-oriented, collaborative environment.
- Exceptional communication skills and the ability to communicate appropriately at all levels of the organization; this includes written and verbal communications as well as visualizations.
- Positive approach to customer service with demonstrated ability to handle high pressure support needs in a calm, respectful, and efficient manner.
- Ability to maintain confidential and personal information
- A combination of the following:
- GIAC Certified
- CCSK – Certificate of Cloud Security Knowledge
- OSCP – Offensive Security Certified Professional
- CISSP – Certified Information Systems Security Professional
- CCSP – Certified Cloud Security Professional
- AWS Certified Solutions Architect – Associate
- CEH – EC | Council Certified Ethical Hacker
- ITIL Foundation v4
- ITIL Intermediate – IT Service Operation
- CCNA – Cisco Certified Network Associate
- CISC – Certified Information Security Consultant
- CPFA – Certified Professional Forensics Analyst
- RHCE – Red Hat Certified Engineer
- Microsoft Certified: Azure Security Engineer Associate
McCormick & Company is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future.